/**
 * Load the Sec class and invoke retryReportData() on its shared instance.
 *
 * @return void
 */
function _retryReport()
{
    require_once libfile('class/sec');

    // The instance is only needed for this single call, so no local handle is kept.
    Sec::getInstance()->retryReportData();
}
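/**
 * The public action for logging into the system.
 *
 * Looks the account up by id, username or e-mail, applies the optional
 * failed-attempt lockout (Login.attempts / Login.lockout, the latter multiplied
 * by 60 to get seconds), checks the salted password hash and, on success,
 * populates the session and redirects.
 *
 * @access public
 * @todo TestCase
 * @return void
 */
public function login()
{
    $error = true;

    if (!empty($this->data)) {
        $username = $this->data['User']['username'];
        // Control characters are dropped from the logged copy only, so a crafted
        // username cannot add forged lines to the login log.
        $loggedUsername = preg_replace('/[\x00-\x1F\x7F]/', '', (string)$username);
        $maxAttempts = Configure::read('Login.attempts');

        // NOTE(review): the submitted value is also matched against User.id, so a
        // numeric id is accepted as a login name - confirm that this is intended.
        $user = $this->User->find('first', array(
            'conditions' => array('or' => array(
                'User.id' => $username,
                'User.username' => $username,
                'User.email' => $username
            )),
            'contain' => array(
                'UserSetting' => array()
            )
        ));

        if (empty($user)) {
            $this->log("User not found {$loggedUsername}", 'weekly_user_login');
            $error = true;
        } else {
            $lockedOut = false;

            if ($maxAttempts > 0 && $user['User']['last_login_attempt'] != null) {
                $lockoutEnds = $user['User']['last_login_attempt'] + (Configure::read('Login.lockout') * 60);
                if ($lockoutEnds > time()) {
                    // ">=" rather than "==": a counter above the limit (for example
                    // after the limit was lowered) must still lock the account.
                    if ($user['User']['login_attempts'] >= $maxAttempts) {
                        $lockedOut = true;
                        $this->set('lockout', 1);
                        // Keeps the submitted password out of the re-rendered form.
                        $this->request->data['User']['password'] = null;
                    }
                } else {
                    // Lockout window has passed: clear the stored counters...
                    $this->Person->save(array('Person' => array(
                        'login_attempts' => 0,
                        'last_login_attempt' => null,
                        'id' => $user['User']['id']
                    )));
                    // ...and the in-memory copy, otherwise a failure below would be
                    // counted on top of the stale value or not recorded at all.
                    $user['User']['login_attempts'] = 0;
                }
            }

            // A locked account is refused explicitly instead of relying on the
            // hash of a nulled password happening not to match.
            $authenticated = false;
            if (!$lockedOut) {
                $stored = (string)$user['User']['password'];
                $hash = (string)Sec::hashPassword($this->data['User']['password'], $user['User']['salt']);
                // Strict, constant-time where available: a loose "==" treats
                // numeric-looking strings such as "0e123" and "0e456" as equal.
                $authenticated = function_exists('hash_equals')
                    ? hash_equals($stored, $hash)
                    : $stored === $hash;
            }

            if ($authenticated) {
                if ($this->Auth->login($user['User'])) {
                    $this->Session->setFlash(__('You have been authenticated'), 'success');
                    // NOTE(review): the whole User row is written to the session,
                    // which would include the password hash and salt fields read
                    // above - consider removing them before the write.
                    $this->Session->write('Auth.User', $user['User']);
                    $this->Session->write('Auth.User.Settings', $user['UserSetting']);
                    $this->Access->permissions($user['User']);

                    // A successful login clears the failed-attempt counters.
                    $this->Person->save(array('Person' => array(
                        'login_attempts' => 0,
                        'last_login_attempt' => null,
                        'id' => $user['User']['id']
                    )));

                    $this->redirect($this->Auth->redirect());
                    $error = false;
                } else {
                    $error = true;
                }
            } else {
                // Record the failure only while the counter is below the limit.
                if ($maxAttempts > 0 && $user['User']['login_attempts'] < $maxAttempts) {
                    $this->Person->save(array('Person' => array(
                        'last_login_attempt' => time(),
                        'login_attempts' => ($user['User']['login_attempts'] + 1),
                        'id' => $user['User']['id']
                    )));
                }
                $this->log("Password mismatch {$loggedUsername}", 'weekly_user_login');
                $error = true;
            }
        }

        // One generic message for every failure path, so the response does not
        // say whether the account or the password was wrong.
        if ($error) {
            $this->Session->setFlash(__('You could not be authenticated'), 'error');
        }
    }

    $this->set('title_for_layout', __('Login to Your Account'));
}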
/**
 * A generalized method for performing a password change.
 *
 * Generates a new salt, hashes the password and its verification copy with it,
 * sets the expiry date, clears any password-reset token and saves the record.
 *
 * @access public
 * @param array $data A 1-dimensional array of user data; 'password' and
 *                    'verify_password' are read from it.
 * @return array The new 'password' hash and 'salt' when the save succeeds,
 *               an empty array otherwise.
 */
public function changePassword($data)
{
    $this->create();

    // Every password change gets a newly generated salt.
    $freshSalt = Sec::makeSalt();
    $data['salt'] = $freshSalt;

    // NOTE(review): the plaintext password stays in $data under 'temp_password'
    // and is handed to save() - confirm that field is never persisted or logged.
    $data['temp_password'] = $data['password'];

    // Password and verification copy are hashed with the same salt, presumably
    // so that a later equality check between the two still works.
    $data['password'] = Sec::hashPassword($data['password'], $freshSalt);
    $data['verify_password'] = Sec::hashPassword($data['verify_password'], $freshSalt);

    // Expiry is "now" plus the configured number of days.
    $lifetime = "+" . Configure::read('Password.expiration') . " Days";
    $data['password_expires'] = date("Y-m-d H:i:s", strtotime($lifetime));

    // A successful change invalidates any outstanding reset request.
    $data['password_reset_token'] = null;
    $data['password_reset_token_expiry'] = null;

    if (!$this->save($data)) {
        return array();
    }

    // Keep the session's copy of the expiry date in step with the saved record.
    $_SESSION['Auth']['User']['password_expires'] = $data['password_expires'];

    return array('password' => $data['password'], 'salt' => $data['salt']);
}
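/**
 * Report a banned member through Sec::logFailed().
 *
 * @param string $username Name of the banned member.
 * @param string $reason   Reason passed along with the report.
 * @return false|null false when the service is not open or no username is
 *                    given; nothing otherwise.
 */
function logBannedMember($username, $reason = 'Admin Banned')
{
    if (notOpenService() || !$username) {
        return false;
    }

    // The escaped name has to reach the query: the previous statement compared
    // against a fixed literal, so the lookup never depended on $username.
    // NOTE(review): daddslashes() is assumed to be addslashes-style escaping; it
    // only protects a value that stays inside the quotes, and depends on the
    // connection charset. Prefer bound parameters if this DB layer offers them.
    $username = daddslashes($username);
    $uid = DB::result_first(
        "SELECT uid FROM " . DB::table('common_member') . " WHERE username = '" . $username . "'"
    );

    if ($uid) {
        require_once libfile('class/sec');
        $sec = Sec::getInstance();
        $data = array(
            'uid' => $uid,
            'openId' => getOpenId($uid),
            'clientIp' => getMemberIp($uid),
        );
        $sec->logFailed('banUser', $data, $reason);
    }
}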
/**
 * The result of makeSalt() MUST NOT ever yield the same results twice
 *
 * @return void
 * @access public
 */
public function testMakeSaltAmbiguity()
{
    // Two consecutive salts are compared. This catches a constant generator,
    // but says nothing about how unpredictable the salts are.
    $firstSalt = Sec::makeSalt();
    $secondSalt = Sec::makeSalt();

    $this->assertNotEqual($firstSalt, $secondSalt);
}
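<?php

/**
 *      [Discuz!] (C)2001-2099 Comsenz Inc.
 *      This is NOT a freeware, use is subject to license terms
 *
 *      $Id: job.inc.php 27070 2012-01-04 05:55:20Z songlixin $
 */

// Refuse direct requests: the script must be included by the application.
if (!defined('IN_DISCUZ')) {
    exit('Access Denied');
}

// Anti-CSRF check. The token must be present, must be a string and must match
// exactly. A loose "!=" would accept numeric-looking strings that merely
// compare equal as numbers, and would raise a notice when the token is missing.
$submittedHash = isset($_G['gp_formhash']) ? $_G['gp_formhash'] : null;
$expectedHash = (string) formhash();
$hashMatches = is_string($submittedHash)
    && (function_exists('hash_equals')
        ? hash_equals($expectedHash, $submittedHash)
        : $expectedHash === $submittedHash);
if (!$hashMatches) {
    exit('Access Denied');
}

require_once libfile('class/sec');
$sec = Sec::getInstance();

// Bounded retry: at most three calls per request. $limit ends at 0, as before.
for ($limit = 3; $limit > 0; $limit--) {
    $sec->retryReportData();
}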